SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.


TOP OF THE NEWS

Iran's nuclear program has experienced a setback, but diplomats have no specific information about the problem that forced the powering down of enrichment machines. The Stuxnet worm is suspected to be involved. Hundreds of centrifuges have been taken offline in the last year-and-a-half. -http://www.msnbc.msn.com/id/40323245/ns/world_news-mideastn_africa/ [Editor's Comment (Northcutt): NewsBites reader Mark Walker wrote to point out that there is a risk someone could reverse engineer Stuxnet and use the information to attack other targets. We may think of Stuxnet as an attack, but it could also be a transfer of technology.]

Proposed legislation would give the US Department of Homeland Security (DHS) the authority to impose fines of up to US $100,000 a day on organizations that are responsible for elements of the country's critical infrastructure if they have not complied with cyber security directives imposed by DHS. The Homeland Security Cyber and Physical Infrastructure Protection Act would have DHS create a list of companies whose operations are critical to the continuing operation of the country's infrastructure. Those companies will be required to comply with DHS-established regulations, which could include submitting their cyber security plans to DHS for approval and having "announced or unannounced audits and inspections." It would also call for DHS Secretary Janet Napolitano to appoint a cyber security chief. The bill has raised concerns among many who say that DHS lacks the expertise to establish cyber security requirements and evaluate their effectiveness. -http://news.cnet.com/8301-13578_3-20023464-38.html [Editor's Note (Pescatore): There is a predictable arc to all compliance regimes that almost invariably ends in the cost of feeding the compliance regime exceeding any measurable security gain. At first, that new compliance regime allows us to finally convince management to fund necessary security improvements but the next year the compliance monster gets hungrier - and every year after that. Security *spending* always goes up, the actual level of security rarely does. (Schultz): Having both a DHS cyber security chief and a Presidential cybersecurity advisor would be anything but good. It would at a minimum set the stage for incessant conflict.]

Google to Destroy UK Street View Wi-Fi Data (November 19, 2010)

Google will destroy the data it collected in the UK while gathering information for Street View, according to the Information Commissioner's Office (ICO). Deputy Information Commissioner David Smith said there was no evidence that the data "had fallen into the wrong hands" and that his office would not conduct any further enquiries into the issue. -http://www.bbc.co.uk/news/technology-11797907 -http://www.msnbc.msn.com/id/40280537/ns/technology_and_science-security/

THE REST OF THE WEEK'S NEWS

Alleged Federal Reserve Bank Hacker Arraigned (November 22, 2010)

Lin Mun Poo, the Malaysian man who allegedly hacked into a Federal Reserve Bank of Cleveland computer system as well as computer systems at a defense contractor and "several major international banks," was arraigned in federal court on November 22. Poo entered a plea of not guilty. One law enforcement official called the alleged activity "scary stuff." Poo was arrested in October just after flying into John F. Kennedy International Airport; he had with him a "heavily encrypted" laptop computer that was found to contain "more than 400,000 [payment card] and bank account numbers." He is facing charges of access device fraud, aggravated identity theft, unlawful transmission of computer code and commands, and unauthorized computer access involving government information. -http://www.msnbc.msn.com/id/40306517/ns/us_news-security/ Indictment: -http://msnbcmedia.msn.com/i/msnbc/Sections/NEWS/poo_indictment.pdf

MoD Official Targeted by Malicious eMail (November 22, 2010)

An email received by a British defense official was found to contain malware designed to leak information from infected systems to a foreign intelligence agency. The message came from an individual the official had met at a conference. -http://www.theregister.co.uk/2010/11/22/mod_spear_phish/

Man Used Malicious eMail to Steal Personal Information and Take Control of Webcams (November 22, 2010)

Adobe Releases Reader X (November 19, 2010)

Adobe has released Reader X, the newest version of its PDF reader software. The Protected Mode of Reader X for Windows isolates system processes in a sandbox. Reader X for Mac OS X and Android do not include the sandbox. Adobe's Director of Security and Privacy Brad Arkin acknowledges that the new feature will not stop every attack but said "It provides a strong additional level of defense against attacks." Other applications already using sandboxing include Google's Chrome browser, and Microsoft Internet Explorer and Office 2010. -http://www.computerworld.com/s/article/9197230/Adobe_launches_sandboxed_Reader_X?source=rss_news -http://www.theregister.co.uk/2010/11/19/adobe_reader_sandbox/ [Editor's Note (Pescatore): Sandboxes are good, they limit damage - like bulkhead doors in a submarine. However, a submarine with great bulkheads still needs to make sure they aren't using screen windows.]

Britain's Lord Chief Justice Lord Judge recently published a lecture decrying the misuse of the Internet by jurors, saying that "We cannot accept that the use of the Internet, or rather its misuse, should be acknowledged and treated as an ineradicable fact of life, or that a Nelsonian blind eye should be turned to it or the possibility that it is happening." Lord Judge also said that judges should strongly warn jurors not to use the Internet to research the cases or to share information about the cases about which they are deliberating, and that notices in the jury rooms should remind jurors that such activity could be viewed as contempt of court. -http://www.bbc.co.uk/news/uk-11796648

LifeLock Sending Refund Checks as Part of Settlement With FTC (November 19, 2010)

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters) or to update a current subscription, visit http://portal.sans.org/